
Show Dependency Scanning results in the Group Security Dashboard

Problem to solve

The Group Security Dashboard currently shows only SAST results. This is a good starting point, but we need to add more sources of vulnerabilities and cover all the reports we have.

The next step is to add Dependency Scanning results to the dashboard.

Further details

This issue requires https://gitlab.com/gitlab-org/gitlab-ee/issues/6718 to be merged in a previous iteration.

Proposal

Those are the requirements:

  1. add Dependency Scanning to the list of sources (see https://gitlab.com/gitlab-org/gitlab-ee/issues/6240)
  2. the results will be shown in the list, with action items available, in the same way as for SAST wherever possible
  3. the summary and metrics must take both SAST and Dependency Scanning results into account

Design

[Design mockups: vulnerability modal with the Report type row; Report type filter with multiple report types active]

We will add a new line for Report type in the modal. It will be included in all modals opened from security reports and dashboards, and will display the correct report type for the specific vulnerability: SAST, Dependency Scanning, Container Scanning, or DAST. Dependency Scanning will be added to the Report type filter dropdown. We will not add a report type column to the list, as this information is redundant and has not yet been shown to benefit the user.

Design Specs:

See the design specs here

What does success look like, and how can we measure that?

Security teams will use the Group Security Dashboard to fix their Dependency Scanning vulnerabilities.

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
